FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

I am looking for an LTO tape library. Do you have one to spare?
Commit found by message id
Tue, 3 Nov 2009
[ 09:45:47 miwi ] Original commit 
kdebase4-runtime x11  Deleted files touched by this commit  An older version of this port was marked as vulnerable. Basic applications for the KDE system
kdelibs4 x11 files touched by this commit  An older version of this port was marked as vulnerable. Base set of libraries needed by KDE programs
Secuirty Update:

Ark input sanitization errors:
The KDE archiving tool, Ark, performs insufficient validation
which leads to specially crafted archive files, using unknown
MIME types, to be rendered using a KHTML instance, this can
trigger uncontrolled XMLHTTPRequests to remote sites.

IO Slaves input sanitization errors:
KDE protocol handlers perform insufficient input validation, an
attacker can craft malicious URI that would trigger JavaScript
execution. Additionally the 'help://' protocol handler suffer
from directory traversal. It should be noted that the scope of
this issue is limited as the malicious URIs cannot be embedded
in Internet hosted content.

KMail input sanitization errors:
The KDE mail client, KMail, performs insufficient validation which
leads to specially crafted email attachments, using unknown MIME
types, to be rendered using a KHTML instance, this can trigger
uncontrolled XMLHTTPRequests to remote sites.

Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> (based on)
Approved by:    secteam (myself), portmgr
Security:      
http://www.vuxml.org/freebsd/6f358f5a-c7ea-11de-a9f3-0030843d3802.html

Number of ports [& non-ports] in this commit: 2

Showing files for just one port: x11/kdebase4-runtime

show all files

hide all files


2 files found
ActionRevisionLinksFile
modify 1.227 View diff View revision /ports/head/x11/kdebase4-runtime/Makefile
import 1.1 View revision /ports/head/x11/kdebase4-runtime/files/patch-ocert-2009-015-kioslave
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
chromiumAug 26
fileAug 21
py-djangoAug 21
py-django-develAug 21
py-django14Aug 21
py-django15Aug 21
php53Aug 18
phpmyadminAug 17
chromiumAug 13
serfAug 11
subversionAug 11
subversion17Aug 11
nginxAug 09
nginx-develAug 09
mingw32-opensslAug 06

6 vulnerabilities affecting 9 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds


Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24170
Broken 169
Deprecated 319
Ignore 455
Forbidden 17
Restricted 223
No CDROM 95
Vulnerable 23
Expired 234
Set to expire 308
Interactive 0
new 24 hours 5
new 48 hours8
new 7 days33
new fortnight92
new month260


Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.